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DIRECTOR OF CENTRAL INTELLIGENCE 
SECURITY COMMITTEE 
COMPUTER SECURITY SUBCOMMITTEE 


28 October 1981 
DCISEC-CSS-M140 

-1. The One Hundred and F ortieth meeting of the C omputer Security Subcommittee 
STAX was held on 20 October 1981 at , McLean, VA. The meeting was 

convened at 0930, and in attendance were: 


STAT 

STAT 

STAT 


STAT 


STAT 


[Chairman 

Executive Secretary 
^CIA 

CIA 

Mr. Robert Graytock, Department of Justice 
Mr. Carl Martz, Navy 

Mr. T.vnn McNnlrv. nenarfmp nf of State 

NSA 

Mr . Robe rt Storck. F. BI 
Mr. James Studer, Army 

Mr . James Schenk en, U.S. Secret Service 

SECOM 


STAT 

STAT 

STAT 


2. The minutes from the previous meeting xvere reviewed; there were no changes 
or comments (although it was pointed out that one of the enclosures had been included 
twice), and thus the minutes were accepted as written. 

3. I ^started tli e meeting with a review of pertinent discussions from the 

annual SECOM seminar, held at Among the topics which came up for 

discussion were the revised DCID, and the situation at the Inter national Institute for 
Applied Systems Analysis (IIASA) in Vienna, Austria. | [ stated that there was 

a general expression of concern over the computer security problem, and that there 
was a desire expressed for tutorial material (e.g., films, videotapes) available for 
distribution within the Intelligence Community, which could be used as part of a 
general security education program. It was pointed out that, for anyone interested in 
a more complete review of the proceedings, minutes of the seminar will be distributed 
to the SECOM members. 


4. T he issue of administrative support to the Subcommittee V 7 as reviewed; 

STAT pointed out that the SECOM itself is very short of secretarial/admin support, 

and thus he felt it was not very likely that the Subcommittee could expect to obtain 
full-time support. However, it was suggested that the SECOM or the IC Staff might 
consider augmenting their present staff with someone whose duties would Include (if 
STAT not be dedicated to) supporting all the SECOM committees. | | stated that he 

would bring this subject up to the SECOM as a recommendation of the CSS. 

5. There was a rather lengthy discussion of the problem of industrial security, 
particularly that of assuring that security procedures for the handling of classified 
material are being followed. Although the problem was acknowledged by all, some of 

the members questioned whether the Subcommittee should be addressing this issue, stating 
the opinion that it was more a problem for the contracting officer than a computer 
security concern. 
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6. The Subcommittee next discussed the subject of the revision to DCID 1/16. 

The NSA member distributed copies of a proposed statement (a copy of which is enclosed) 
of the DCID, and presented an informal briefing of the approach taken and the justi- 
fication for it. Basically, the proposed approach is to offer a simple (essentially 
obvious) policy statement, to the effect that the approval authority is responsible 
for providing protection of SCI in accordance with published policy /guidelines for 
the specific SCI being handled by the system. The paper then delineates the 
authority being bestowed, and the responsibilities which fall upon the approving 
authority. In the NSA approach, the definition of modes could remain in a technical 
guidance portion, but would serve only as examples of allowable operational envi- 
ronments, rather than delimiting the only allowable cases, as in the present version 
of the DCID. It was felt that such an approach, coupled with sufficient technical 
guidance /support would allow the approval authority to structure an operational 
environment which took into account all the myriad factors which affect total system 
security (e.g., user mix, clearances, sensitivity of data, user capabilities, 
technical capabilities of the ADP equipment, special hardware/software security 
features, etc.). Thus, the decision as to whether to allow a multilevel environment 
or to impose severe restrictions could be made by the approval authority strictly 
on the basis of the system operational requirements, security requirements, and the 
strength of the system's security features/mechanisms. The discussion which 
followed was largely based upon the relative merits of a "loose" approach versus 
the present "hard" definition of allowable modes. Mr. McNulty expressed a desire 
for including some accountability mechanisms and procedures which would be aimed 
at assuring uniform application of the policy. 

7. There was a request for a copy of the Director, NSA's speech to the IEEE 
concerning the newly formed DoD Computer Security Center at NSA. A copy of this 
speech is enclosed. 


STAT 8. The next meeting was set for 0930 on 17 November at 

The chairman asked that CIA, Army, and Department of State be prepared to present 
their views on the basic policy statement for the DCID. 

STAT I 


Executive Secretary 


Ends : 
a/s 
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ADDRESS BY LTG LINCOLN D, FAURER, DIElECTOR NSA 
AT IEEE COMPUTER CONFERENCE 81, WASHINGTON, D.C. 

15 SEPTEMBER 1981 


• I WANT TO START OFF BY EXPRESSING MY THANKS TO DR. MILLS 
AND IEEE OFFICIALS FOR THE OPPORTUNITY TO COME HERE THIS 
MORNING AND TELL YOU ABOUT THE NEW DEPARTMENT OF DEFENSE 
COMPUTER SECURITY CENTER. I SAY "NEW" BECAUSE THE ASSIGNMENT 
OF THIS JOB TO MY AGENCY IS VERY RECENT. BUT IN POINT-OF-FACT , 
WE HAVE BEEN INVOLVED IN WORK IN THIS AREA FOR A NUMBER OF 
YEARS, IN SUPPORT OF OUR INTERNAL COMPUTER PROCESSING ACTIVI- 
TIES AND IN SUPPORT OF DEFENSE COMMUNICATIONS SYSTEMS ACQUI- 
SITION EFFORTS, SUCH AS THE PACKET-SWITCHED NETWORK, AUTODIN 
II. 


FIRST, A BIT OF BACKGROUND. AS MANY OF YOU IN THIS CON- 
FERENCE KNOW, CONCERN HAS GROWN IN RECENT YEARS ABOUT THE 
PROBLEM OF MAINTAINING THE SECURITY OF INFORMATION IN AN 
INCREASINGLY AUTOMATED COMMERCIAL AND FEDERAL WORLD. LAST 
YEAR, MY PREDECESSOR, ADMIRAL INMAN, NOW DEPUTY DIRECTOR OF THE 
CIA, WORKING WITH THE OFFICE OF THE SECRETARY OF DEFENSE 
EXAMINED THE NEED^ FOR A TECHNICAL CENTER TO SUPPORT THE MILI- 
TARY AND DEFENSE AGENCIES. THIS LED TO A LETTER ON THE FIRST 
OF JANUARY THIS YEAH FROM THE DEPUTY SECRETARY OF DEFENSE WHICH 
DIRECTED NSA TO ESTABLISH A CENTER FOR COMPUTER SECURITY EVALU- 
ATION. SINCE THEN WE HAVE BEEN BUSY CONSOLIDATING THE INTERNAL 
COMPUTER SECURITY ACTIVITIES OF NSA AND DEVELOPING THE RESOURCE 
REQUIP-EMENTS TO SUPPORT THE CENTER. THIS ORGANIZATION WAS 
FORMALLY ESTABLISHED WITHIN MY AGENCY IN JULY. 

THIS MORNING, I WOULD LIKE TO TALK WITH YOU ABOUT THE 
NEEDS FOR IMPROVEMENTS IN COMPUTER SECURITY AND ALSO THE OTHER 
CHALLENGES WE WILL FACE. BUT MOST IMPORTANTLY--^ WHAT IT IS THIS 
CENTER WILL, AND WILL NOT DO. I SHOULD ALSO LIKE TO TAKE THIS 
OPPORTUNITY TO CLEAR UP ANY MISUNDERSTANDINGS ABOUT THE WAY WE 
WILL CONDUC'i COMPUTER SECURITY ACTIVITIES AT NSA. I HAVE HEARD 
SOME ANXIETIES EXPRESSED BY INDUSTRY AND BY OTHERS AND I WOULD 
LIKE TO CLARIFY OUR INTENTIONS AS MUCH AS POSSIBLE. 

AS I HAVE INTIMATED, THE CONCERN WITHIN DEFENSE ABOUT COM- 
PUTER SECURITY IS A VERY GENUINE ONE. WE LIVE IN A FAST-PACED 
AND TECHNOLOGY INTENSIVE WORLD. FOR THE MILITARY SERVICES AND 
THE OTHER DEFENSE AGENCIES, THE PROBLEM WE FACE IS AN EXPLOSION 
OF INFORMATION, CLASSIFIED AT VARIOUS LEVELS OF DIFFERING 
SENSITIVITIES. OUR WORLD IS FILLED WITH AUTOMATIC DATA PRO- 
CESSING EQUIPMENT, GEOGRAPHICALLY DISPERSED AND OFTEN NETWORKED 


m 
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TOGETHER. THE THREAT TO SECURITY RANGES FROM TEE INADVERTENT 
DUMP OF MATERIAL TO A NONAUTHORI ZED RECIPIENT ALL THE WAY TO 
DELIBERATE PENETRATION . 

I DON'T MEAN TO IMPLY THAT INDIVIDUAL DEFENSE AGENCIES AND 
SERVICES HAVEN'T RECOGNIZED OR TRIED TO TACKLE THE PROBLEM. 

FOR EXAMPLE, WE HAVE TRIED TO DEAL WITH THE PROBLEM BY USING 
TIGER TEAMS TO DELIBERATELY PENETRATE OUR SYSTEMS. THEY ALMOST 
ALWAYS SUCCEED IN ATTAINING ACCESS, SOMETIMES USING SUCH 
SOPHISTICATED EFFORTS THAT THEY LEAVE NO TRACE OP THE ATTEMPT 
TO PENETRATE THE SYSTEM. SUCH EFFORTS WERE USUALLY FOLLOl^ED BY 
TECHNICAL EFFORTS TO CORRECT WEAKNESSES. UNFORTUNATELY THIS 
TYPE OF CORRECTIVE EFFORT WAS GENERALLY UNSUCCESSFUL AND UNRE- 
WARDING. FURTHERMORE, THE CORRECTIVE EFFORTS OFTEN SERIOUSLY 
DEGRADED PERFORMANCE. THE AIR FORCE TOOK THE LEAD ON A MORE 
SUCCESSFUL PROGRAM INVOLVING SECURITY KERNEL TECHNOLOGY. THE 
MOST SUCCESSFUL EFFORT WAS THE SECURITY- ENHANCED MULTICS SYSTEM 
THAT HAS BEEN RUNNING FOR SEVERAL YEARS IN THE PENTAGON. 

A SIGNIFICANT AMOUNT OF TECHNOLOGY IS NOW AVAILABLE, BUT 
IT IS DIFFICULT FOR INDIVIDUAL USERS TO UNDERSTAND WHAT IT IS 
AND IS NOT CAPABLE OF ACHIEVING. A TECHNICAL ORGANIZATION TO 
RESPOND TO THE PROBLEMS OF THE INDIVIDUAL DOD AGENCIES SEEMS 
CALLED FOR. 

• THERE ARE CLEAR REQUIREMENTS FOR SUPPORT TO SUCH ORGANIZA- 
TIONS IN THE NATIONAL SECURITY ESTABLISHMENT FOR EVALUATION OF 
NEW TECHNOLOGY . ' ‘ 

O THERE ARE REQUIREMENTS FOR SYSTEMATIC CERTIFICATION AND 
ACCREDITATION OF SYSTEMS TO BE OPERATED IN A VARIETY OF ENVIRON- 
MENTS . 


• THERE IS A NEED FOR BASIC RESEARCH AND DEVELOPMENT TO BE 
CONSIDERABLY ACCELERATED . 

ONE MIGHT ASK — WHY CHOOSE NSA FOR THE CENTER. I THINK 
THERE ARE SOME STRAIGHTFORWARD ANSWERS. ■» 

« WE ARE A LARGE AND VERY TECHNICAL ORGANIZATION. 

tt WE HAVE A LARGE VJORK FORCE OF SCIENTIFIC AND OTHER PRO- 
FESSIONAL TALENTS THAT PROVIDE THE CRITICAL MASS FROM WHICH TO 
DRAW THE CORE OF MANPOWER NECESSARY TO FORM THE CENTER. WE CAN 
TAKE CONSIDERABLE ADVANTAGE OF OUR WORK IN RELATED AREAS. 

• ALTHOUGH COMPUTER SECURITY SUPPORT IS A DISTINCT AND 
INDEPENDENT FUNCTION, THE NEED TO EXPLOIT ADVANCED TECHNOLOGY 
CLOSELY PARALLELS THE RESPONSIBILITY OF NSA TO OUR NATIONAL 
GOVERNMENT FOR THE SECURITY OF ITS COMMUNICATIONS. 
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AN INITIATIVE IN COMPUTER SECURITY IS NOT WITHOUT ITS PROBLEMS 
AND ITS CHALLENGES. THE MAJORITY OF COMPUTER SYSTEMS IN USE 
SIMPLY DO NOT HAVE SECURITY OF DATA AS THEIR PRIMARY OBJECTIVE. 
USERS ARE MOST INTERESTED IN PERFORMANCE, RELIABILITY, EASE OF 
USE, AND ACCESSIBILITY--^ THEY SHOULD BE. CONTEMPORARY COMPUTER 
SYSTEMS SIMPLY DO NOT PROVIDE RELIABLE PROTECTION OF THEIR DATA, 

AND CONTEMPORARY SYSTEMS ARE OFTEN DISTRIBUTED, WITH SECURITY 
PROBLEMS COMPOUNDED BY REMOTED TERMINAL OR NETWORK CONSIDERATIONS. 
DESPITE THE PROGRESS THAT HAS BEEN MADE, THERE IS A MAJOR SHORTAGE 
OF GOOD COMPUTER SECURITY TECHNOLOGY. INDUSTRY LEADERS HAVE 
TOLD US THAT THIS SITUATION WILL CONTINUE, IN THE ABSENCE OF A 
CERTAIN COMMERCIAL MARKET WILLING TO PAY FOR SUCH PRODUCTS. WE 
ALSO OBSERVE THAT SUCH TECHNOLOGY AS DOES EXIST DOES NOT ENJOY 
WIDESPREAD USE. THERE ARE MANY REASONS FOR THIS; IGNORANCE OF 
THE ATTRIBUTES OF THE PRODUCT, PERFORMANCE DEGRADATION THAT IS 
UNACCEPTABLE, OR COST. 

MANAGEMENT AWARENESS OF THE PROBLEM ACROSS THE DEPARTMENT 
OF DEFENSE NEEDS CONSIDERABLE BOLSTERING. THIS IS NOT AN EASY 
MATTER 1 COMPUTER SECURITY ASPECTS OF COMPUTER OPERATIONS ARE 
VIEWED BY MOST AS A BLACK ART, AND MOST OFFICIALS CAN HARDLY BE 
BLAMED FOR SIMPLY SETTLING FOR ASSURANCES THAT THEY ARE IN COM- 
PLIANCE WITH COMPUTER SECURITY REGULATIONS. I MUST CONFESS THAT 
AN INFORMED VIEW IS THAT THE CREATION OF POLICY AND REGULATION 
ON THIS ISSUE HAVE, IN A SENSE, BEEN GEARED TO THE TECHNOLOGY 
AVAILABLE TO SUPPORT IT. AS ONE OF OUR SENIOR PROFESSIONALS 
OBSERVED IN AN ARTICLE SEVERAL YEARS AGO, "A COMPUTER MAY WELL 
SATISFY ALL REGULATIONS AND STILL BE HIGHLY VULNERABLE." 

BUT AS I HAVE ALLUDED TO EARLIER, PERHAPS* THE BIGGEST 
CHALLENGE WE PACE IS THE ENORMOUS RELIANCE WE MUST PLACE ON 
INDUSTRY. COMPUTER SECURITY FEATURES ARE NECESSARILY PRODUCT- 
PECULIAR AND WE MUST FIND WAYS TO WORK CLOSELY WITH INDUSTRY TO 
HELP PRODUCE TRUSTED COMPUTER SYSTEMS. CLEARLY, IF I AM 
CORRECT IN MY ASSERTION THAT THERE IS A DISTINCT SHORTAGE OF 
RELIABLE SECURITY FEATURES, AND THAT THE BULK OF THE PRODUCTS 
WILL HAVE TO BE COMMERCIALLY PRODUCED, THEN WE WILL OWE IT TO 
OUR DOD CUSTOMERS TO KEEP THE PRESSURE ON INDUSTRY TO PRODUCE. 

THAT PRESSURE WILL NEED TO BE SUSTAINED UNTIL MXrKET AWARENESS 
IS GENERATED AND SECURITY OF INFORMATION, AND OF COMPUTER 
PROCESSES THEMSELVES, BECOME A MAJOR DESIGN GOAL FOR NEW COM- 
MERCIAL SYSTEMS UNDER DEVELOPMENT BY THE MAJOR VENDORS. 

NOW I WOULD LIKE TO TELL YOU ABOUT THE SPECIFIC THINGS THE 
COMPUTER SECURITY CENTER WILL DO. THESE FALL INTO FOUR AREAS: 
RESEARCH AND DEVELOPMENT, ASSISTANCE IN THE ACQUISITION OF DOD 
COMPUTER SYSTEMS, DISSEMINATION OP COMPUTER SECURITY 
INFORMATION, AND EVALUATION OF COMMERCIAL COMPUTER SECURITY 
PRODUCTS . 

FIRST LET ME ADDRESS OUR CONDUCT AND SUPPORT OF RESEARCH 
AND DEVELOPMENT (R&D) . AS I NOTED BEFORE, THE ABSENCE OF 
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TECHNOLOGY IS A MAJOR PROBLEM. I BELIEVE WE NEED AN ACTIVE, 
WELL-FORMED R&D PROGRAM. THIS WORK MUST, OF COURSE, BE 
TECHNICALLY SOUND; BUT, IN ADDITION, IT MUST BE CLEARLY FOCUSED 
ON TECHNOLOGY GAPS WHERE, IF SUCCESSFUL, THE RESEARCH WILL HAVE 
A SIGNIFICANT PAY-OFF IN TERMS OF DOD COMPUTER SECURITY. BOTH 
THE IN-HOUSE WORK AND THE SPONSORED RESEARCH IN INDUSTRY AND 
UNIVERSITIES WILL BE PART OF A COHESIVE PROGRAM WITH SEVERAL 
FACETS . 

• WE WILL EXPLORE THE IMPLICATIONS OF SECURITY ON HARDWARE 
AND SOFTWARE ARCHITECTURES FOR VARIOUS COMPUTER COMPONENTS SUCH 
AS DATA BASE SYSTEMS AND MICROPROCESSORS. 

• WE WILL LOOK FOR MORE EFFECTIVE WAYS TO PROVIDE SECURITY 
IN NETWORKS, ADDRESSING ISSUES SUCH AS COMMUNICATIONS PROTOCOLS 
AND END-TO-END ENCRYPTION. 

• WE WILL SPECIFICALLY WORK ON VERIFICATION TOOLS TO 
ASSIST US IN EVALUATING WHETHER THE SECURITY FEATURES OF 
COMPUTER AND NETWORK SYSTEMS ARE TRULY EFFECTIVE. 

• A SIGNIFICANT THRUST WILL BE DIRECTED TOWARDS APPLYING 
THE EMERGING RESEARCH RESULTS TO REPRESENTATIVE PROBLEMS WHERE 
THE CRITICAL ISSUES OF PERFORMANCE AND FUNCTIONALITY CAN BE 
ASSESSED. 

THESE DEVELOPMENTS WILL BE SELECTED TO PROVOKE THE 
ASSIMILATION OF THE "TECHNOLOGY INTO INDUSTRY PRODUCTS. THE 
RECENTLY ANNOUNCED HONEYWELL SECURE COMMUNICATION PROCESSOR IN 
THEIR LEVEL 6 MINICOMPUTER PRODUCT LINE SERVES AS AN EXAMPLE OF 
THIS PROCESS: THIS PRODUCT WAS BASED DIRECTLY ON PREVIOUS DOD 
SPONSORED RESEARCH THAT PRODUCED THE SECURITY KERNEL 
TECHNOLOGY . 

AND I WOULD POINT OUT ANOTHER IMPORTANT CHARACTERISTIC OF 
OUR R&D; WE ARE COMMITTED TO HAVING THE RESEARCH DONE AND THE 
RESULTS DISSEMINATED IN AN OPEN AND UNCLASSIFIED MANNER, EXCEPT 
IN THOSE EXCEPTIONAL CASES WHERE WE ARE WORKING ON A PREVIOUSLY 
CLASSIFIED BASE. OUR MOTIVATION SHOULD BE CLEAR — THE TRANSFER 
OF THE TECHNOLOGY INTO COMPUTER SECURITY PRODUCTS THAT DOD CAN, 
IN TURN, PURCHASE IS GREALY RESTRICTED IF THE RESEARCH RESULTS 
ARE CLASSIFIED OR OTHERWISE RESTRICTED. IN SHORT, I EXPECT OUR 
R&D TO BE OPENLY AVAILABLE, SIGNIFICANT IN ITS RESULTS, COMPLE- 
MENTARY TO THE WORK OF OTHERS, AND RELEVANT TO DOD AND THE 
OTHER ORGANIZATIONS OF THE NATIONAL SECURITY ESTABLISHMENT. 

OUR SECOND MAJOR TASK IN THE CENTER IS ASSISTING THE DOD 
ELEMENTS IN THE ACQUISITION AND TESTING OF TRUSTED SYSTEMS. 

THE BEST TECHNOLOGY IN THE WORLD IS OF LITTLE VALUE UNTIL WE 
HAVE PUT IT INTO OPERATION. 
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o AS A STARTING POINT, THE SPECIFICATIONS FOR THE ACQUISI- 
TION OF A NEW SYSTEM MUST CLEARLY STATE WHAT COMPUTER SECURITY 
CAPABILITIES ARE REQUIRED. IN THE PAST, REQUIREMENTS HAVE NOT 
ALWAYS BEEN CLEARLY AND CONSISTENTLY SPECIFIED. TO HELP REDRESS 
THIS PROBLEM, THE CENTER WILL DEVELOP A SET OF SECURITY STANDARDS 
AND CORRESPONDING INPUTS FOR USE IN PROCUREMENT SPECIFICATIONS. 
THESE WILL EVOLVE AND GROW AS THE TECHNOLOGY ADVANCES SO THAT 
DOD CAN TAKE FULL ADVANTAGE OF THE ALTERNATIVES AVAILABLE. 
FRANKLY, OUR INTENTION IS TO SIGNIFICANTLY REWARD THOSE DOD 
SUPPLIERS WHO PRODUCE THE COMPUTER SECURITY PRODUCTS THAT WE 
NEED . ■ 


• BEFORE A DOD ELEMENT CAN OPERATE A TRUSTED SYSTEM, 
REGULATIONS REQUIRE A CERTIFICATION AND ACCREDITATION PROCESS. 
THIS PROCESS PROVIDES THE BASIS FOR A JUDGMENT BY THE 
APPROPRIATE APPROVING AUTHORITY THAT THE SYSTEM SHOULD ACTUALLY 
BE TRUSTED FOR THE SIMULTANEOUS PROCESSING OF MULTIPLE LEVELS 
OF CLASSIFIED OR SENSITIVE INFORMATION. AGAIN, THE CENTER WILL 
PROVIDE AN EVOLVING SET OP TECHNICAL STANDARDS AND CRITERIA TO 
AID IN MAKING THESE JUDGMENTS. 

• FOR SELECTED SYSTEMS OF PARTICULAR IMPORTANCE TO DOD, 

THE CENTER WILL DIRECTLY PARTICIPATE IN THIS ACQUISITION 
PROCESS. THIS WILL BE IN THE FORM OF TECHNICAL SUPPORT, 
TAILORED TO THE UNIQUE PROBLEMS OF A PARTICULAR SYSTEM. 

IT SHOULD BSr-CLEAR THAT I EXPECT THE CENTER TO HAVE MAJOR, 
POSITIVE INFLUENCE ON THE SECURITY OF THE COMPUTER SYSTEMS THAT 
ARE BROUGHT INTO THE DOD INVENTORY. SHOULD SOME SUPPLIER 
CHOOSE NOT TO KEEP UP, THEY CAN EXPECT TO BE LEFT BEHIND. TO 
ACHIEVE THIS IMPACT, A LOT OF INFORMATION MOST BE EXCHANGED. 
THUS, A THIRD CENTER FUNCTION IS PROVIDING COMPUTER SECURITY 
DATA CENTER SERVICES. 

• WE WILL PROVIDE A CONSOLIDATED SET OF INFORMATION ON THE 
VARIOUS COMPUTER SECURITY PRODUCTS THAT EXIST IN THE COMMERCIAL 
AND GOVERNMENT SECTORS, AS A SERVICE TO OUR CUSTOMERS. 

» WE WILL ACTIVELY PARTICIPATE IN FOSTERING AN INCREASING 
AWARENESS OF COMPUTER SECURITY PROBLEMS AND SOLUTIONS. FOR DOD 
PERSONNEL WE WILL ASSIST IN IDENTIFYING WORTHWHILE 
OPPORTUNITIES FOR COMPUTER SECURITY EDUCATION, TRAINING, 
SEMINARS, AND WORKSHOPS: WE WILL ORGANIZE AND CONDUCT SUCH 
ACTIVITIES OURSELVES WHERE NEEDED. FURTHERMORE, WE EXPECT TO 
BE ACTIVE IN PUBLIC FORUMS — SUCH AS THIS IEEE CONFERENCE — TO 
KEEP YOU IN THE COMPUTER INDUSTRY INFORMED ON OUR ACTIVITIES 
AND, OF COURSE, TO LEARN ABOUT WHAT YOU ARE DOING. 

• WE WILL OBVIOUSLY PROVIDE A REPOSITORY FOR THE VARIOUS 
STANDARDS AND CRITERIA DEVELOPED BY THE CENTER FOR USE WITHIN 
DOD. 
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THE EFFECTIVE EXCHANGE OF INFORMATION ON COMPUTER SECURITY 
IS TOO IMPORTANT TO BE LEFT TO CHANCE. THEREFORE, THE CENTER 
WILL MAKE IT ITS BUJ^INESS TO STIMULATE AND FACILITATE THIS 
EXCHANGE . j 

THE FINAL FUNCTION -I WANT TO TALK ABOUT IS THE EVALUATION 
OF COMMERCIAL COMPUTER SECURITY PRODUCTS. LET ME FIRST DISTIN- 
GUISH THIS FROM THE CENTER'S ASSISTANCE TO COMPUTER SYSTEMS 
ACQUISITION. THE ACQUISITION SUPPORT THAT I DESCRIBED EARLIER 
IS BASED ON THE UNIQUE ENVIRONMENT OF EACH DOD APPLICATION, AND 
ULTIMATELY SECURITY IS ADDRESSED ON A TOTAL SYSTEM BASIS THAT 
INCLUDES A WIDE RANGE OF FACTORS SUCH AS PHYSICAL, PERSONNEL, 
PROCEDURAL, TEMPEST AND COMMUNICATIONS SECURITY. 

HOWEVER, WE FREQUENTLY FIND THAT A GIVEN VENDOR'S 
HARDWARE/SOFTWARE PRODUCT WILL SHOW UP IN A NUMBER OF DIVERSE 
DOD APPLICATIONS. THEREFORE, IT IS EXTREMELY VALUABLE TO HAVE 
A CAREFUL EVALUATION OF THE TECHNICAL MERIT OF THE PRODUCT 
ITSELF. THIS IS PARTICULARLY USEFUL WHEN SELECTING THE WINNER 
IN A COMPETITIVE PROCUREMENT, SINCE IT MAY BE IMPRACTICAL TO DO 
THE NECESSARY DETAILED EVALUATION FOR EVERY OFFEROR FOR EACH 
PROCUREMENT. THUS, WE CONTEMPLATE THE EVALUATION OF COMMERCIAL 
PRODUCTS AGAINST AN OBJECTIVE SET OF CRITERIA, INDEPENDENT OF 
ANY SPECIFIC DOD APPLICATION. 


THIS EVALUATION OBVIOUSLY CAN ONLY BE BASED ON THE 
INFORMATION THAT IS AVAILABLE TO THE CENTER. THEREFORE, I 
WOULD EMPHASIZE THAT IN MOST CASES FOR A PRODUCT TO HAVE A 
POSITIVE EVALUATION RESULT, WE WILL NEED TO WORK COOPERATIVELY 
WITH THE MANUFACTURER, AS A MATTER OF FACT, THE OFFICE OF THE 
SECRETARY OF DEFENSE HAS ALREADY INITIATED A NUMBER OF SUCH 
COOPERATIVE EVALUATION EFFORTS, AND WE EXPECT TO CONTINUE AND 
EXPAND THESE EFFORTS UNDER THE AUSPICES OF THE CENTER. 

• THE RESULT WILL BE AN EVALUATED PRODUCTS LIST FOR USE 
WITHIN THE NATIONAL SECURITY ESTABLISHMENT. THIS WILL BE BASED 
ON CRITERIA FOR DISTINCT LEVELS, OR "FIGURES OF MERIT." 


O THIS EVALUATION WILL BE DONE ON AN OPEN BASIS. THE 
COOPERATING MANUFACTURER WILL BE PROVIDED THE RESULTS OF THE 
EVALUATION AND THE SUPPORTING RATIONALE. FURTHERMORE, THE 
FIGURE OF MERIT AND, AS APPROPRIATE, SUPPLEMENTAL COMMENTS WILL 
BE PUBLICLY AVAILABLE. 

• HOWEVER, THE CENTER WILL RIGOROUSLY RESPECT THE 
CONFIDENTIALITY OF INFORMATION THAT IS SPECIFICALLY IDENTIFIED 
AS PROPRIETARY WHEN IT IS PROVIDED BY THE MANUFACTURER. 
FURTHERMORE, SPECIFIC VULNERABILITIES THAT ARE IDENTIFIED BY 
THE CENTER WITH THE MANUFACTURER'S COOPERATION WILL BE TREATED 
WITH SIMILAR CONFIDENTIALITY. 
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FINALLY, I WOULD LIKE TO CLEARLY DISTINGUISH BETWEEN MYTH 
AND REALITY IN REGARD TO THE ISSUE OF CLASSIFICATION FOR COMMERCIAL 
PRODUCTS. WE HAVE GIVEN CAREFUL THOUGHT TO THIS ISSUE, AND IF 
YOU WILL PERMIT ME TO CAREFULLY SET ASIDE FROM THIS DISCUSSION 
THE ISSUE OF PUBLIC CRYPTOGRAPHY AS IT APPLIES TO COMPUTER SECURITY, 
WE CANNOT CONCEIVE OF A CONDITION THAT WOULD REQUIRE CL.»SSIFICA- 
TION OF COMMERCIALLY-DEVELOPED COMPUTER SOFTWARE OR HARDWARE 
SYSTEMS, FURTHERMORE, IT IS CLEAR THAT TO DO SO WOULD SEVERELY 
IMPAIR THE EFFECTIVENESS OF THE CENTER. AFTER ALL, WHAT MANU- 
FACTURER WOULD COOPERATE IN THE EVALUATION OF HIS PRODUCT, IF 
THIS COULD POSSIBLY LEAD TO CLASSIFICATION THAT WOULD RESTRICT 
HIS SALE OF THAT PRODUCT? 

NOW LEST I BE MISUNDERSTOOD, IT IS CONCEIVABLE THAT A PARTI- 
CULAR DOD COPY OF SUCH A PRODUCT MIGHT BE CONTROLLED AS CLASSIFIED 
TO PREVENT MALICIOUS TAMPERING WHILE BEING TRANSPORTED; SIMILARLY, 
SPECIFIC VULNERABILITIES IN THE CONTEXT OF A PARTICULAR DOD 
APPLICATION MIGI ? BE CLASSIFIED. BUT THE IMPORTANT THING IS 
THAT NONE OP THESE SORT OF CLASSIFICATION ACTIONS WOULD IN ANY 
WAY RESTRICT THE DISTRIBUTION OF THIS PRODUCT IN THE PRIVATE 
SECTOR. 

IN SUMMARY, LET ME SAY THAT WE HAVE A BIG JOB HERE. THIS 
IS A SERIOUS UNDERTAKING WHICH WILL TAKE SUBSTANTIAL RESOURCES, 

SMART PEOPLE AND LOTS OF HARD WORK. THE THREAT IS A REAL ONE; 

MADE MORE PRESSING BY THE VERY OPENNESS OF OUR SOCIETY AND 
RELATIVELY EASY TARGET WE REPRESENT. SECURITY CONTROLS MUST BE 
AS EFFECTIVE AS WE CAN HELP MAKE THEM WITHOUT SERIOUSLY INTER- 
FERING WITH THE FUNDAMENTAL PURPOSE FOR WHICH THE SYSTEMS ARE 
ACQUIRED. TO MEET THESE OBJECTIVES, WE WILL AGGRESSIVELY PURSUE 
WELL-FOCUSED RESEARCEI AND DEVELOPMENT TO PROVIDE IMPROVED TECH- 
NOLOGY, AND WE WILL STIMULATE EFFECTIVE USE OF THE TECHNOLOGY 
WE ALREADY HAVE. TO FURTHER PROVOKE COMMERCIAL DEVELOPMENT, WE 
WILL INSIST THAT THE SYSTEMS WE BUY INCLUDE THOSE ACHIEVABLE 
SECURITY CAPABILITIES THAT WE NEED. 

FINALLY, I WANT TO EMPHASIZE THAT THE SUCCESS OF THE COM- 
PUTER SECURITY CENTER WILL REQUIRE THE CLOSEST INTERACTION WITH 
INDUSTRY, AND ALTHOUGH WE EMPHASIZE THE FREE AND OPEN EXCHANGE 
OF INFORMATION, WE WILL RESPECT THEIR PROPRIETARY RIGHTS. I 
MIGHT ADD THAT THIS* CLOSE INTERACTION INCLUDES OTHER ELEMENTS 
OF THE TECHNOLOGY COMMUNITY — THE UNIVERSITIES, TECHNICAL INSTI- 
TUTES AND PROFESSIONAL ASSOCIATIONS SUCH AS YOU. AGAIN, MY 
THANKS TO YOU FOR THE OPPORTUNITY TO PRESENT MY VIEWS ON THIS 
SUBJECT AND FOR YOUR ATTENTION THIS MORNING. 


7 ' 
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DClL 1/lb 

PHUlt-ClJub Ub buitclbN 1 :- J L.Lbibbi-vJt. I m AU’iui' A'I t.U L'AIA PKUC t-SS 1 iWG 
3 1 o 1 III I'i G A > iJ I'l b 1 i i It r\ c? 


1. £'uruose--irns airective i-'iescrioes tne autnority and 
responsibilities ot ttie i.dtional boreiqr: intelligence Board 
(iirlhi iiienioeis tor the protection of foreign inteiiigence in 
autor.ated data processirij . (.Atpj systen^s and networKs. . This 
authority ano responsibilities nay oe oelecjatec as appropriate 
for trie particular AOP sys teni/iietwor K invoivea. 

2. Applicdoility--'inis directive applies to ail alih members and 
all other United states Government oepartnents aria agencies wno 
process ang/or store foreign intelligence in AuP systems and 
networks. It applies ei^uaiiy wfietner tne A up systems and 
net’AorKS are useo, ownea, ano/or operated by the Uniteu States 
Government or oy contractors or consultants tor tne uniteu States 
Goverimient. 

3. Policy-- i'ne use of aiiP systems and netv.orks *111 in no way 
endanger foreign intelligence to compi OMiise and exploitation. 
The required protection or toreign intelligence is defined in 
existing cocun en tation Cpoiicy) wnich dictates the handling and 
access of specitic corr.par tu ents ot foreigii intei i igence , The 
oe te 1 1: ina t i Ohi ot wtietne i an aDP systen! or netivork provides the 
requiieo protection will i e sys t e.ii/ne L work s^'ocific.. no v. ever, tne 
t'dsis tor making this uetermination will be consistent and 
uni loir.; tnrougtiouL tne li in comn unity. 

4. Autr.or ity--]o insure uniiurnity ifi ttie protection ot toreign 
i n te i i i g e i'.c e a p'riii'ary tiui. nority iron aiioiiQ the i'<Fin niemters *111 
be exf. licit iy uesiqnateo tor eacn Aiie sy s tem/net v. or k and ail 
decisions taoe oy the » g irmy autliority will oe mutually agreed 
to by all tne ottier i-Fii? users ot each aDP systeni/nec*ork . 

a. Single user syste.'Viiet'-<oi'.<“-lne wfib m eii.be r *tio is tne 
single user of an adp sysLem/rtetwork is designated trie Approval 
Autriority tor mat AUP systeii./netAOi k. 

b. Stiai ec system/net vorN--une r t in member win oe designated 

as tne Priricipai Approval Mutnority Ahen an aUP system/network is 
goirttly used tiy store titan one nr in meiiicei' a no ail other NFlo 

members *no si', are the use ot tt.at AuP sy stem/networK will be 

(jesigi'idted as Secondary snprovai MUtltor ities, 

c. Concateooteu sy s Lu.iis/ne t *cr Ks--.-.tien more than one system/ 

networ k are irttei connected or when a system is connected to a 
network ot syste;.is eacli uFin ireaoer wno is already designated as 
tiie Approval Autnority or principal Approval Authority ot any of 
thie systeiiis/networ ks iiivolveo will becone a member of the joint 
Af)provai Auttiority tor tne conca tena t.eo systenris/networks. The 

Ptincitai approval Au t.'uu 1 ties *111 represent any Secondary 

Approval Auti, unties ot ttieir resp'ective sy stems /net works . Une ot 
the nitii.ters oi tne ooitn. Approval Autnority will oe designated 


Sanitized Copy Approved for Release 2010/11/17 : CIA-RDP87T00623R000200070040-5 



Sanitized Copy Approved for Release 2010/1 1/17 : CIA-RDP87T00623R000200070040-5 

, ( 

t'riiicipdi ooinC Approvaj. nutiiority buL 'ail iterrbeib Enail act as a 
conui.ori bo ay tor Cv-iiryina o'jt tne resicnsiolities ot the Joint 
Approval Auttiority. 

b. responsibility-- 

d . 'ine Api'iovai AutnoriLy, Principal Afprovdl Authority anu 
joiriL Approval Murnority .ill oe responsiole tor: 

1) Assuring tne d.ost econoniical ana ettective utilization 
o t resources * 1 1 1 1 e c o O' P i y i n i with tne policy stated above, 

Z) ioentltyiny tne intorriiat ton protection requirements 
tor the specitic ApP sysLer>./networ< basea or. applicable toreign 
intelligence protection policies. 

JJ uetining th.e set ot protection ii easures/mecnanisrns 
that are required in the APP system/iietwork based on 
functionality ot the system/networK , user/operationai 
environmetit, iii tor mat ion cnaracteristicsf in tor ns at ion protection 
policies, etc . 

4 ) pertorining the teclinrcal assessments, risK analyses, 
etc., upon v.hicn an accreaitation/cer tiiication ot tne AUP 
systen /net AOi'K can be baseo. 

bJ bvaludting tne aijP systerii/net^brk tor compliance with 
tnis policy ano cer tity iruj socn compliance, 

b) r^ccreoitiny trie ;ii)P system/net '-ork and defining tlie 
allov/atile operationai environments naseo or tne assess merits ot 
security ot tne aDP sy stem/netvvor k ano a risk analysis. 

7j Coo r ui na t ing aii ot tne above actions with tne 
beconcary Approvai Authorities to assure mat all users ot an APP 
s y 5 1 e Hi/ tie t or K. iiutuaiiy cu-ii t'e in ttie aec is ioris ii:aae, 

t>, liie becon-jary /.lytovai Auttuuity Aiit support tne 
Principal -M-provai AuLtioriLy in carrying out tiie responsibilities 
aetinea aL ive ancj *111 pat I iciyate ecrualiy Viitn ttie Principal 
Approval Aupnority in tne decisions liiaue. 

6. Sut'er session-- fnis ai iecLive superseoes Director ot Central 
Intelligence Directive ro.l/lb, "becurity ot Compar tmented 
Computer uperations", ettective lo nay ib/u. All other existing 
directives, reyuiations ano otner oocunents reterencing trie 
supetseoed airective siniii ne revised to reflect this 
supersession. 


7, 1 mp ieiTientation--bdcn i.t" id iaeiiiber stiaii oevelop and promulgate 
implemen ting directives odO reguiations Aitnin one year from tlie 
ettective late or tnis cirective. 

b. be v ie * 1 n i s directive sr. ail i>e revie.-.ed within triree years 
trom its etrective date. 
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